client, cmd/tailscale/cli, feature/relayserver, net/udprelay: implement tailscale debug peer-relay-sessions (#17239)

Fixes tailscale/corp#30035 Signed-off-by: Dylan Bargatze <dylan@tailscale.com> Signed-off-by: Jordan Whited <jordan@tailscale.com> Co-authored-by: Dylan Bargatze <dylan@tailscale.com>
2025-10-28 05:00:08 +00:00 · 2025-09-23 15:26:10 -07:00
parent 87ccfbd250
commit 4657cbdb11
13 changed files with 341 additions and 7 deletions
--- a/cmd/derper/depaware.txt
+++ b/cmd/derper/depaware.txt
@@ -122,6 +122,7 @@ tailscale.com/cmd/derper dependencies: (generated by github.com/tailscale/depawa
        tailscale.com/net/tlsdial/blockblame                         from tailscale.com/net/tlsdial
        tailscale.com/net/tsaddr                                     from tailscale.com/ipn+
     💣 tailscale.com/net/tshttpproxy                                from tailscale.com/derp/derphttp+
+        tailscale.com/net/udprelay/status                            from tailscale.com/client/local
        tailscale.com/net/wsconn                                     from tailscale.com/cmd/derper
        tailscale.com/paths                                          from tailscale.com/client/local
     💣 tailscale.com/safesocket                                     from tailscale.com/client/local
--- a/cmd/k8s-operator/depaware.txt
+++ b/cmd/k8s-operator/depaware.txt
@@ -883,6 +883,7 @@ tailscale.com/cmd/k8s-operator dependencies: (generated by github.com/tailscale/
     💣 tailscale.com/net/tshttpproxy                                from tailscale.com/clientupdate/distsign+
        tailscale.com/net/tstun                                      from tailscale.com/tsd+
        tailscale.com/net/udprelay/endpoint                          from tailscale.com/wgengine/magicsock
+        tailscale.com/net/udprelay/status                            from tailscale.com/client/local
        tailscale.com/omit                                           from tailscale.com/ipn/conffile
        tailscale.com/paths                                          from tailscale.com/client/local+
     💣 tailscale.com/portlist                                       from tailscale.com/ipn/ipnlocal
--- a/cmd/tailscale/cli/debug-peer-relay.go
+++ b/cmd/tailscale/cli/debug-peer-relay.go
@@ -0,0 +1,77 @@
+// Copyright (c) Tailscale Inc & AUTHORS
+// SPDX-License-Identifier: BSD-3-Clause
+
+//go:build !ios && !ts_omit_relayserver
+
+package cli
+
+import (
+	"bytes"
+	"cmp"
+	"context"
+	"fmt"
+	"net/netip"
+	"slices"
+
+	"github.com/peterbourgon/ff/v3/ffcli"
+	"tailscale.com/net/udprelay/status"
+)
+
+func init() {
+	debugPeerRelayCmd = mkDebugPeerRelaySessionsCmd
+}
+
+func mkDebugPeerRelaySessionsCmd() *ffcli.Command {
+	return &ffcli.Command{
+		Name:       "peer-relay-sessions",
+		ShortUsage: "tailscale debug peer-relay-sessions",
+		Exec:       runPeerRelaySessions,
+		ShortHelp:  "Print the current set of active peer relay sessions relayed through this node",
+	}
+}
+
+func runPeerRelaySessions(ctx context.Context, args []string) error {
+	srv, err := localClient.DebugPeerRelaySessions(ctx)
+	if err != nil {
+		return err
+	}
+
+	var buf bytes.Buffer
+	f := func(format string, a ...any) { fmt.Fprintf(&buf, format, a...) }
+
+	f("Server port: ")
+	if srv.UDPPort == nil {
+		f("not configured (you can configure the port with 'tailscale set --relay-server-port=<PORT>')")
+	} else {
+		f("%d", *srv.UDPPort)
+	}
+	f("\n")
+	f("Sessions count: %d\n", len(srv.Sessions))
+	if len(srv.Sessions) == 0 {
+		Stdout.Write(buf.Bytes())
+		return nil
+	}
+
+	fmtSessionDirection := func(a, z status.ClientInfo) string {
+		fmtEndpoint := func(ap netip.AddrPort) string {
+			if ap.IsValid() {
+				return ap.String()
+			}
+			return "<no handshake>"
+		}
+		return fmt.Sprintf("%s(%s) --> %s(%s), Packets: %d Bytes: %d",
+			fmtEndpoint(a.Endpoint), a.ShortDisco,
+			fmtEndpoint(z.Endpoint), z.ShortDisco,
+			a.PacketsTx, a.BytesTx)
+	}
+
+	f("\n")
+	slices.SortFunc(srv.Sessions, func(s1, s2 status.ServerSession) int { return cmp.Compare(s1.VNI, s2.VNI) })
+	for _, s := range srv.Sessions {
+		f("VNI: %d\n", s.VNI)
+		f("  %s\n", fmtSessionDirection(s.Client1, s.Client2))
+		f("  %s\n", fmtSessionDirection(s.Client2, s.Client1))
+	}
+	Stdout.Write(buf.Bytes())
+	return nil
+}
--- a/cmd/tailscale/cli/debug.go
+++ b/cmd/tailscale/cli/debug.go
@@ -49,8 +49,9 @@ import (
 )

 var (
-	debugCaptureCmd func() *ffcli.Command // or nil
-	debugPortmapCmd func() *ffcli.Command // or nil
+	debugCaptureCmd   func() *ffcli.Command // or nil
+	debugPortmapCmd   func() *ffcli.Command // or nil
+	debugPeerRelayCmd func() *ffcli.Command // or nil
 )

 func debugCmd() *ffcli.Command {
@@ -374,6 +375,7 @@ func debugCmd() *ffcli.Command {
 					return fs
 				})(),
 			},
+			ccall(debugPeerRelayCmd),
 		}...),
 	}
 }
--- a/cmd/tailscale/depaware.txt
+++ b/cmd/tailscale/depaware.txt
@@ -143,6 +143,7 @@ tailscale.com/cmd/tailscale dependencies: (generated by github.com/tailscale/dep
        tailscale.com/net/tlsdial/blockblame                         from tailscale.com/net/tlsdial
        tailscale.com/net/tsaddr                                     from tailscale.com/client/web+
     💣 tailscale.com/net/tshttpproxy                                from tailscale.com/clientupdate/distsign+
+        tailscale.com/net/udprelay/status                            from tailscale.com/client/local+
        tailscale.com/paths                                          from tailscale.com/client/local+
     💣 tailscale.com/safesocket                                     from tailscale.com/client/local+
        tailscale.com/syncs                                          from tailscale.com/control/controlhttp+
--- a/cmd/tailscaled/depaware.txt
+++ b/cmd/tailscaled/depaware.txt
@@ -358,6 +358,7 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de
        tailscale.com/net/tstun                                      from tailscale.com/cmd/tailscaled+
        tailscale.com/net/udprelay                                   from tailscale.com/feature/relayserver
        tailscale.com/net/udprelay/endpoint                          from tailscale.com/feature/relayserver+
+        tailscale.com/net/udprelay/status                            from tailscale.com/client/local+
        tailscale.com/omit                                           from tailscale.com/ipn/conffile
        tailscale.com/paths                                          from tailscale.com/client/local+
     💣 tailscale.com/portlist                                       from tailscale.com/ipn/ipnlocal
--- a/cmd/tsidp/depaware.txt
+++ b/cmd/tsidp/depaware.txt
@@ -314,6 +314,7 @@ tailscale.com/cmd/tsidp dependencies: (generated by github.com/tailscale/depawar
     💣 tailscale.com/net/tshttpproxy                                from tailscale.com/clientupdate/distsign+
        tailscale.com/net/tstun                                      from tailscale.com/tsd+
        tailscale.com/net/udprelay/endpoint                          from tailscale.com/wgengine/magicsock
+        tailscale.com/net/udprelay/status                            from tailscale.com/client/local
        tailscale.com/omit                                           from tailscale.com/ipn/conffile
        tailscale.com/paths                                          from tailscale.com/client/local+
     💣 tailscale.com/portlist                                       from tailscale.com/ipn/ipnlocal